blucli

SUSPICIOUS. The declared purpose is narrow and plausible, but the submitted skill is effectively just a transitive installer stub. The main risk is install trust: it directs the agent/user to load an externally hosted skill with unclear provenance, no pinning, and mixed registry/publisher signals. No direct credential theft or exfiltration is shown here, so this is not confirmed malware, but it is a medium-risk skill due to supply-chain and transitive-install concerns.